/
login.php
executable file
·58 lines (46 loc) · 1.19 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<?php
include("database.php");
error_reporting(E_ERROR | E_PARSE);
session_start();
$username = (isset($_POST['username']) ? $_POST['username'] : "");
$password = (isset($_POST['password']) ? $_POST['password'] : "");
$sql = "SELECT username,password,account_type,account_id FROM accounts WHERE username='".$username."' AND account_type!=\"Closed\"";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
$row = $result->fetch_row();
$cpassword = $row[1];
$accttype = $row[2];
$acctid=$row[3];
if (password_verify($password, $cpassword))
{
/*
echo "<h1>Success! ".$accttype."</h1>";
*/
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $cpassword;
$_SESSION['key'] = session_id();
$_SESSION['id'] = $acctid;
include("check.php");
}
else
{
$_SESSION['errMsg'] = "Invalid username and/or password";
header("Location: login.php");
die;
}
}
else
{
$_SESSION['errMsg'] = "Invalid username and/or password";
header("Location: index.php");
die;
}
if($username == "" || $password == "")
{
$_SESSION['errMsg'] = "Please enter username and/or password";
header("Location: index.php");
die;
}
$conn->close();
?>